Secure Programming Cookbook for C and C++, Viega, John & Matt Messier

Dan Weeks, 14 September 2003


Disclaimer: I got Secure Programming Cookbook for C and C++ for free from O'Reilly's user group sponsorship program. O'Reilly is a sponsor of the San Francisco OpenBSD Users Group.

There are many books on how to write programs in C and C++, and many people learn to write programs from them. What few (if any) of them tell you is the safe way to develop programs. With the release of Secure Programming Cookbook there is now a wealth of knowledge on the subject in one handy tome.

This book is intended for experienced C/C++ programmers. A C novice will not understand the code examples and will not understand the subtlety of the mistakes the authors warn against.

This brings us to a very good point that is brought up in the foreword of the book by Gene Spafford:

When it comes to writing reliable software, there are four kinds of programmers: The gap between the third category and the fourth may not seem like much to some readers, but there are far fewer people in that last category than you might think. It's also the case that there are lots of people in the third category who would claim they are in the fourth, but really aren't...similar to they 70% of all licensed drivers who say they are in the top 50% of safe drivers. Being an objective judge of one's own abilities is not always possible.
(pages xiii - xiv)

Messrs Viega and Messier do a good job of explaining in detail each example. The astute reader will be able to pick up on the concepts and use the Secure Programming Cookbook as a tool in their everyday programming tasks.

What's Inside

The layout of Secure Programming Cookbook is not like a conventional book that is too be read from front to back. Instead, the book is, quite normally, broken into chapters, however each chapter is broken into recipes (much like other books in the Cookbook series). Having quick access to what is needed without having to read pages and pages of material before getting to the desired information is one of the major reasons this book should end up on many a developers desk. Occasionally the user might need to read one or two recipes prior to the one they want, but that is part of the way it works (unless the person is unfamiliar with the subject matter, then it is recommended to do much more reading, lest sloppy code be produced).

The material covers C and some C++ for most systems and there is some discussion that is specific to Windows platforms where the APIs diverge from Unix systems, however, even the authors admit that what is there is sparse and could be more thoroughly covered. While almost all the recipes are for C and could easily apply to C++, the specific C++ coverage was also a little light, but when appropriate they do make mention of C++ specifics.

Secure Programming Cookbook has many recipes for generic use in every day programming. The authors do a good job of pointing out pitfalls and things to watch out for because recipes can't cover every case. Of the subject material covered the standards of safe program environment and initialization, user authentication and access, and input validation are all covered up front and very clearly. I was surprised by the large body of cryptographic recipes. While not a bad thing at all, there are a lot of topics to cover in the cryptography field and some of them will probably be out of the users scope of interest or level of understanding. That is not to say this is a bad thing about the book, for as a user matures and gains experience those areas might become more relevant.

One of the things that at first seemed to rub me the wrong way was in the discussion of string handling. There is a good amount of discourse on formatting functions and preventing buffer overflows, but in Chapter 3 the authors suggest the use of the SafeStr library (note that this library is written by the authors). At first this seems like a cop-out, isn't this book about secure programming? Shouldn't the authors provide recipes that show safe string handling? Well, yes and no. Safe string handling is a big subject and in C it is very easy to make mistakes (just look at OpenBSD's audits, they are always fixing string handling issues). Thankfully the SafeStr library is available under a BSD style license and can be incorporated into other works with little or no hassle. The only situations where I can see this being detrimental is in a large scale project where replacing the string handling with SafeStr is either impractical (although the API is written in a way to be fairly straightforward when used with legacy code) or not allowed by management decrees. Suffice to say that SafeStr code is freely available and should users want to use it the license is favorable.

The use of figures and images in the text was, quite pleasantly, lightweight. When used they are used perfectly to illustrate the needed point. As for examples, most recipes have some near real world example of using or a situation that would give rise to the need to use the recipe. The discussions often clearly enumerate the need to accomplish things a certain way. It should be pointed out that not every recipe has code associated with it because not always should the user trying to get code done, but rather the user should be making good decisions and developing secure code and practices.

The Bottom Line

This book is jam packed with excellent examples and discussion of ways to prevent programs from doing bad, and most of the time unexpected or unplanned, things. The diligent C or C++ programmer should add this as yet another volume on the bookshelf tool chest that is next to their desk. Smart programmers will realize that having this book will only help them in the long run.

The authors have set up a web site to provide a resource for programmers to find information on secure programming for any language, not just C and C++. The errata for Secure Programming Cookbook are hosted at this site too. I found a few things wrong in the book and submitted them. Satisfyingly, the authors were very prompt in replying and posting the errata (mostly typographical errors in some code sections).

As with any good resource hopefully sections that are not of interest now will become useful in the future. May the pages of your book become tattered from years of good use and good luck in your secure programming endeavors.

Last modified: Sun Sep 14 17:41:54 PDT 2003